CVE-2026-25722
📋 TL;DR
CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass write protection in sensitive directories like .claude. By using the cd command to navigate into protected folders, attackers can create or modify files without user confirmation. This affects users of Claude Code versions before 2.0.57 who process untrusted content.
💻 Affected Systems
- Claude Code
📦 What is this software?
Claude Code by Anthropic
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify configuration files, inject malicious code, or compromise the Claude Code environment leading to data theft or system compromise.
Likely Case
Unauthorized file creation/modification in protected directories, potentially altering Claude Code behavior or stealing sensitive data.
If Mitigated
Limited impact with proper input validation and sandboxing, though some unauthorized file operations may still occur.
🎯 Exploit Status
Exploitation requires the ability to inject commands into the Claude Code context window.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.57
Vendor Advisory: https://github.com/anthropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh
Restart Required: Yes
Instructions:
1. Check current Claude Code version
2. Update to version 2.0.57 or later
3. Restart Claude Code application
🔧 Temporary Workarounds
Restrict untrusted content
All platforms: Prevent adding untrusted content to the Claude Code context window
Monitor .claude directory
Linux: Set up file integrity monitoring on the .claude directory
inotifywait -m -r ~/.claude
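A hash-baseline complement to the inotifywait watch above, as an added example that is not part of the original advisory or of Anthropic's tooling: it records SHA-256 hashes of every regular file in a directory and reports files added, modified or removed since the baseline, which also catches changes made while no watcher was running. The function names and the baseline file location are assumptions of this example; it relies on sha256sum, find, sort, awk and mktemp.

```shell
#!/bin/sh
# Added example (not vendor tooling): hash baseline for a .claude directory.
# Function names and the baseline path are assumptions of this example.
# Requires sha256sum, find, sort, awk and mktemp (GNU coreutils/findutils).

# Print "HASH  ./path" for every regular file under $1, sorted by path.
# Symlinks and directories are not hashed.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare manifest $1 (baseline) with manifest $2 (current).
# Prints one "ADDED|MODIFIED|REMOVED path" line per difference.
compare() {
    awk '
        { h = $1; p = substr($0, length(h) + 3) }   # skip hash and 2 spaces
        FILENAME == ARGV[1] { base[p] = h; next }   # safe for empty baseline
        { seen[p] = 1 }
        !(p in base) { print "ADDED " p; next }
        base[p] != h { print "MODIFIED " p }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# check_dir DIR BASELINE: the first run records the baseline; later runs
# return 1 and list changes if DIR differs from it. Keep BASELINE outside
# DIR, somewhere the monitored tool cannot write.
check_dir() {
    cd_dir=$1; cd_base=$2
    if [ ! -f "$cd_base" ]; then
        snapshot "$cd_dir" > "$cd_base"
        echo "baseline recorded: $cd_base"
        return 0
    fi
    cd_cur=$(mktemp)
    snapshot "$cd_dir" > "$cd_cur"
    cd_changes=$(compare "$cd_base" "$cd_cur")
    rm -f "$cd_cur"
    [ -z "$cd_changes" ] && return 0
    printf '%s\n' "$cd_changes"
    return 1
}

# Example: sh check_claude.sh ~/.claude ~/claude-baseline.sha256
if [ "$#" -ge 2 ]; then
    check_dir "$1" "$2"
fi
```

A non-zero exit status makes the script usable from cron or a login hook, where any listed change can be reviewed before the baseline is deliberately re-recorded.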
🧯 If You Can't Patch
- Restrict Claude Code usage to trusted environments only
- Implement strict input validation for all content processed by Claude Code
🔍 How to Verify
Check if Vulnerable:
Check if Claude Code version is below 2.0.57
Check Version:
Check Claude Code settings or about dialog for version information
Verify Fix Applied:
Confirm version is 2.0.57 or higher and test directory protection
📡 Detection & Monitoring
Log Indicators:
- Unexpected file modifications in .claude directory
- cd commands targeting protected directories
Network Indicators:
- None - local vulnerability
SIEM Query:
File modification events in .claude directory from Claude Code process